Version September 1999

The main intent of my 'Anonymity Lab'

The main intent of this section of my site is to SCARE YOU TO DEATH about the huge amount of data and private information33 you are 'smearing' around without even knowing it. Tears fill my eyes when I see so many good and nice Internauts fall prey of crooks of all sorts (from nasty software producer like Micro$oft, who hide snooping secret functions inside their applications, through the main search engines you use, that gather your searching patterns and store them without warning you to the outright 'dirty' crooks that search and lure gullible simpletons in order to sell them fake religions or fake tits or whatever fake they have to push). Matter is that the NASTY aspect of this nether world of us is never enough explained. There is no law here. Only Fravias, like we are, can eventually help the gullible and simple ones (and damage the crooks, which is great fun :-)

We fight of course more 'active' battles, as you'll learn on my [antismut] section, yet even the simple spreading of 'passive' knowledge can be very useful (knowledge, as Master +ORC has always said, is indeed a most powerful 'good' weapon), and we help, in this section, throwing our light on some of the 'hidden', 'dark' and 'mysterious' aspects of the Web.

You'll learn here some must-know anonymity concerns and some elementary counter-measures, yet, as you will see, the data you are leaking around are so many (and so valuable) that there is not really much that you can do, short of going undercover with a completely bogus identity... which is something that you will probably want to do after having read all this :-)

Where d'you wanna go, bud?

Wanna [trace] your visitors or learn how much info you are [smearing] around? Would you like to [snoop] their profile or [search] anonymously on the Web? You may even get acquainted with some [cookies] little tricks or [lure] your enemies into a trap. If you do not understand much, you better read first just how many [traces] you leave when you browse and how you can simply [send mail anonymously] on the web... you'll understand all the rest later. There are also some [Anonymity essays] that you may find interesting, and of course you may enjoy the [Ah Ah! Die cookie die!] section of this page as well :-)Else you may enjoy having a look at some [things that happen].

No anonimity, I regret

This section of mine about the traces you leave on my own servers was growing bigger and bigger and has been moved to my What Fravia knows about youpage, where all (scary) tracking possibilities used today will be discussed and some countermeasures will be analysed.

You leave traces, I said

Ahi! Your precious data!

The harddisk problemSome of the files that are on your computer (and that recent browsers can send over the Net WITHOUT telling you anything about it :-) might become interesting for adversaries, or the plain curious, or the bastards that want to sell you beer, or tits, or religions or cars:

AUTOEXEC.BATContains details of the locations of many important things on your computer system, among other things, the PATH variable will show where are your tools.

SYSTEM.INIContains still more details about the locations and software that you are running on your system, as well as other personal things that might be helpful for rogues to find out - like preferences and the like.

USER.DAT (On my computer, right now: 286692 bytes as c:\windows\user.dat and 286692 as c:\windows\user.da0, which is created as 'reference' when you set your computer on). This is one mighty important file. You better be prepared to get some cheap thrills about this one... if you did not already know about it.Inside this monster there are masses of data about you: the last few dozen places you've visited on the Internet, your name, email address, telephone number, various user ID's and passwords, details about software you use and your preferences, locations of files and folders, and literally hundreds of other personal things. You don't believe me? Here are some (very small) snippets from my own user.dat

There you are with your privacy concerns: your starting url, all the files/urls you accessed (above you can see as 'url 18', that I downloaded smpexe12.zip from pipeta) and even the very unencrypted names of the usenet groups you have been playing with lately...

YES, I wanted to scare you, you better have a look at your own user.dat asap, btw, make a local copy of it (from your c:\windows\profiles\Yourself) and browse it using Ultraedit. You'll be amazed at the wealth of information about yourself that this huge database helds... among other things all the search strings you have recently used! So, what can you do?Not much, anyway you can try: First make a backup of your "real" user.dat, and call it ggs541.myn or whatever, just in case.Second see if you find somewhere a "clean" installation user.dat (usually -on corporate machines- under /windows/profiles/instw95 or similar)... you may 'steal' a ready made one from some other machine or profile (you better choose wisely :-)Third, after having thoroughly checked everything inside it, just in case, substitute routinely your real one with this 'bogus' and 'clean' one. Don't let your data slip anew! You better write a simple batchfile (see my corporate survival tricks page) to automate this tedious task. (On my computer, after the 'cure': 86168 bytes as c:\windows\user.dat and 65688 as c:\windows\user.da0, which has been re-created as 'reference' after I have resetted my computer on). Of course you may not dispose of a clean user.dat file and you may have to reinstall windows ex-novo in order to get a clean user.dat, and this would not be such a bad idea after all! Nothing like a nice hard-disk "deep level" formatting every couple of months to keep your harddisk fit, destroying as well all those tracks you are smearing around without noticing it :-)

Morale: keep your sensitive data ON THE WEB somewhere where nobody in his right mind would ever look, nor understand them even if he did (say steganographed inside the dull images of a bogus page like "me and my little dog Barkie" :-) they will be MUCH more safe there than inside your own harddisk!

SYSTEM.DAT (On my computer, right now: 748252 bytes as c:\windows\system.dat and 748252 as c:\windows\system.da0, which is created as 'reference' when you set your computer on). Even worse than the above! Once again, lots more personal details, including also the location of all your windows passwords (login, screen saver, network, LAN, etc), every conceivable thing about your computer, its hardware and setup, and full details of all the software you're using or you have ever used (!) on your computer.You'll notice perusing this little monster the huge amount of wasted bytes occupied by Micro$oft's converter strings and messages. If you ever wanted a clear example of the 'messiness' of the poor operating system we are all compelled to use, just look at your c:\windows\system.dat overbloated register. Note also that there is a section of this crap (install information section) where you'll have the surprise to find the NAMES of all applications you have installed in the last couple of years (at least :-) on your computer... I have perused it right now in order to write this text, and I constate with stupefaction that I must have in fact installed and/or run on this machine -quite sometime ago- an impressive lot of crap that I had already forgot I ever had:

And there are more and more pages of software denominations I will not annoy you with, and a couple of surprises: I for instance absolutely DO NOT remember having ever installed anything like DRACULA.EXE it really beats me what the hell that's supposed to be! (of course -cela va sans dire- all those other games have been installed only in order to study their protection schemes... :-)

*.PWLLocated by knowing your username, or by looking up the above file. Inside here are all your passwords. These are easily decrypted (if necessary) on any laptop with SAVE-TO-DISK features and a disk editor.

nsform??.TMPAll the data inside every Netscape form you've ever submitted, with and without SSL, when the submission failed or was cancelled.

Inbox, Outbox, Sent, TrashA complete copy of all your incoming, outgoing, sent, and soon-to-be-deleted email. All in plain text without any encryption. I hope you're using PGP ! (I do not, because even that will not always work, see below)

SECRING.PGP, Secring.SKR, .ASC, etcYour secret keyrings, if you do happen to be using PGP! These are protected by your passphrase, so I hope you've got a realllllly long one, and it's not something any average cracker will be able to pick, and you're not running any keypress macro recorders or typing sniffers, and you've not got any Trojan Horses or Password Targeted Viruses busy siphoning off your passwords and passphrases, and you trust all the software you run on your PC, even Micro$oft's recent "on line sniffing programs"

MsWord, Excel, Access, PowerPoint All these programs, as well as windows itself, cache the filenames of the most recent documents you have been working on. This leads any attacker directly to your recent work!

/etc/passwdOne for the Unix folk. Running a cracking probe against this file will usually reveal dozens of usernames and passwords to anyone who wants to play with you or your users.

mm256.dat and mm2048.datSee the specific page about these two Micro$oft's monsters that are haunting your own computer (5 megabytes of concealed activity!)

Wanna have some "fun"? Type the following inside your Netscape URL window (Location):

about:memory-cache (you'll see the memory cache) about:image-cache (you'll see a list of the cached images...) about:global (you'll see global history entries) about:cache (you'll see all disk cache statistics) about:document (you'll get a new window with info about the current document)

Fun, eh?

You are being cracked

Have a look at DejaNews there you'll quickly discover how many indications about your interests can be gained by EVERYBODY just checking your usenet comments and mail (another good reason to use ALWAYS anonymous remailers)... this is really scary! Looks like the ideal playground for "blackemailers". All the search engines are slowly building huge databases with your preferences, they also react immediately to your search patterns... if you search for "tits" on Yahoo, you'll get some hideous pub about (not free) smut-services, if you search for "job", you'll get some hideous pub about (not-free) career services... do you really believe that all these data (about you) will be ever erased?

How to search anonymouslyAll the main search engines KEEP TRACK of your search strings and of your activity. There are on the web (very interesting) "search strings depots", listing the most used search strings (yes, you have guessed it, they are mostly sex-related) and you can even see 'on-line' the search actions performed by some users (on some search engines) that do not know that you are 'watching their search' while they perform (and refine) it... this is great fun. Another way to get at the search strings that people use (which may be very well thought little masterpiece of 'exact' searching, useful to learn the difficult art of searching correctly) is the "klebing" method, explained elsewhere on my site. As I have already explained in my "how to search" lessons, search engines are only ONE of the search strategies and approaches you can use. Yet their importance cannot be underestimated (that's the reason more and more search engines are popping up like fungi nowadays) and you better learn how to defend yourself from their tracking mechanisms. You should always try to use a dynamic IP (like compuserve or aol: your IP address and host name should always be the more anonymous and "neutral" you can get, if possible without any 'national' tag as well... see below Lord Caligo's lesson and my comments on how to get 'bogus' IP-dynamic host names :-)

Anyway, for the more paranoids (or the more careful) among you, here is a link to the anonymized Altavista search form (Courtesy of Fravia+... do not leave your tracks around!)

Of course no real anonymity section would be complete without an explanation of the above anonymizer...

Anonymous surfing

Crack the tricksters

You better begin to surf the Web anonymously if you want to be an "old" cracker. The anonymizer will allow you to do it whenever you feel like it. You actually do not need to visit the anonymizer page: just remember, when you smell a rat, to precede the *exact and complete* http://... address you want to visit, writing (even per hand in the "address" field of your browser) "http://www.anonymizer.com:8080/" before it. The spiders will then track your visit as "niobe.c2.com", or something similar. Are there other "...:8080" URLs that allow this kind of anonymity? Yes, many server (even if they do not realize it), just find yours if you do not trust the anonymizer (btw, :8081 works as well, only with less "concurrence" :-)

I'm sure you'll appreciate the fact that you may nowadays telnet using a fake proxy! Indeed there exist now a "Java Telnet Proxy Server" that will allow a telnet applet connecting with any server on the Internet! Here it is at netobjective And you can even choose the port!... Your little cracker's heart understand what this mean as well as I do, don't you? (and even if you don't understand now why this is QUITE important I'm sure you will in due time :-)

We live in a world where software (and hardware) developments are neither documented nor care to tell their user what's really going on under the hood (and under the hoop). Still not convinced? You still believe that the society you live in cares from something else than pushing you around along paths and patterns you are not even supposed to see? Well, if it is so, cookies may represent a very instructive example for you.

The Jar for your cookies Use Netscape, like all sensible Fravias do, DO NOT USE MS-Explorer: Micro$oft's Trojan Web_horse does not allow you to see its own traces, it's terribly slow in all its version, it is even more bugged than Netscape's Navigator (how they could pull even more bugs than Netscape really beats me :-) and, globally, Micro$oft's products are only good for lamers and people that has been brain-washed by frills and advertising, as you'll learn perusing the material inside +HCU's project 9, the "Micro$oft bashing" project. So use your good, relatively old and relatively stable Navigator version 3, that you may merrily reverse (in order to use its hidden functions to your advantage) using the material inside +HCU's project 5 that deals with Netscape cracking (and the many 'surprises' that are hidden inside the browsers you are using.OK, start your "cookies discovery" trip! You'll quickly see how very simple cookies (and there are much more nasty things around, thank Javascript) can lay some eggs inside your harddisk (inside your "cookies.txt" netscape file). Cookies -together with Javascript programs and Java applets- are the *FUTURE* of reverse engineering.So study them. Here is the coveted entrance to my cookies (and robots) pages

__

WARNING! Some of the cookies and of the secret robots pages are MICROSOFT EXPLORER HOSTILE

You may of course use Netscape, if you want (Best version is version 3 NOT version 4), but if you want to browse with a fast, complete and agile application (LESS than one million bytes! MUCH more fast and MUCH more configurable than the overbloated duo), you better download Opera right away... you'll never go back to the big Browsersaurii! Anyway I'm warning you: don't use Micro$oft's puke on my site!(Watch it! Some pages just "play" hostility, some are seriously hostile, so: don't complain you have not been warned! :-)

Click on this to see three simple anti Micro$oft Javascript applets

BTW, you may like to know already now which kind of cookie my pages will plant inside your computer, don't worry, it's an harmless little thing and looks like this (you may check later):

/Fravia FALSE 872928000 Fravia_cookie_noanon_page 1

Ah Ah! Die cookie die!As you (should) already know, the best way to eliminate once for all any cookies planting possibility is to create a directory cookies.txt inside Netscape's directory (where the file cookies.txt originally is). This directory will get a GREATER priority than the targeted file, and all cookies will be therefore sent to dev null. Ah Ah! Die cookie die! Once you have created this new cookies.txt directory you may quietly reset "Options"/ "Network preferences"/"protocols"/"show an alert before accepting a cookie" to NO, in fact the sites that you will visit will "believe" that they planted their silent cookies in your hardisk, and let you through without delay, yet you will know that no cookie whatsoever has been planted. Ah Ah! Die cookie die!

You may want to have a look at my counter measures page or, more directly, at my enemy tracking page, or, for some other funny tricks to my corporate survival tricks page in order to grasp even better some useful techniques and approaches, yet you'll find tricks all over my site, for instance on the links page, and of course on the search engines page and inside all my "how to search" lessons.

Common tricks to lure wannaby anonymous surfers

Crack the lamers

A common (in our trade) trick to lure wannaby anonymous surfers is the "fake page" trick: here is it is (courtesy of Fravia)

1) set up a page which is not connected with any other page 2) put some goodies on it that the target needs badly 3) write (remailing) to the target and tell him to download the goodies 4) target downloads... he will be one of the very few(*) that your spiders will track on the "fake" page in the following days

(*) Yes, he will not be the only one... somebody else will nevertheless come and visit your "secret" page: 1) a robot i.e. an automated spider looking for pages or information, logging, for instance, from Yahoo, but could also be private (the older ones use funny spiders, BTW) mostly these spiders are simple automated "logging in" from a remote server... and yes! There are ways to "catch" them and "reverse engineer" the kind of info they are carring away: Master +Alistair has long ago promised a tutorial on this strange art, let's hope he'll write it asap :-)2) a seeker (these are the guys that always check the full directory of a URL location just in order to find hidden pages there, simplest way is to use a /.rt command), or 3) the server administrator slaves. But these few occurrences apart, you'll get a lot information about your "anonymous" target (or your enemies will, if *YOU* are the target)

The Anonymity Essays

Fravia's Anonymity Academy

Well, this new section begins with some very interesting essays by our colleague and friend LordCaligo, I hope to receive more contributions from all the anonymity wizards among my readers... else I will start writing and adding some new essays myself... in the mean time you may also find interesting my how to search the web lessons, where I discuss subjects like 'combing', 'klebing' and automated retrieval of information through intelligent agents, all matters which may be quite relevant for anonymity purposes :-) (FAA_001)(FAA_002) FAA: PHASE C by Fravia+, 15 June 1997